Outcomes Why are computer networks vulnerable?

1 Outcomes
- Why are computer networks vulnerable?
- Methods used by hackers to gain unauthorised access
- Viruses
- Different types of viruses
- How do viruses infect computers
- Methods used by anti-virus software
- Symptoms of virus infection
- Steps to take to protect your computer from viruses

2 Brief History of Computer Security
With the explosive growth of the Internet, there has been a rise in the importance of computer security.

3 Why are networked systems vulnerable?
- Internet is 37 years old
  - Was designed without security provisions
  - Communication protocols (TCP/IP) were designed when security was not an issue
  - Security features had to be layered on top of the design
- Old operating systems were designed for a single user
  - No security was needed
- Explosive growth of desktops started in the '80s
  - Also no emphasis on security
- Explosive growth started in mid-'90s
  - Security not a priority until much later

4 Computer security was ignored
- Interest in computer security very old
  - But largely confined to the military
- Other communities did not care
  - Internet - it's only a research network, who would attack it?
  - Desktops - who needs military security, I just want to run my spreadsheet!

5 Important events
- Morris worm - 1988
  - Brought down a large fraction of the Internet
  - Academic interest in network security
- E-commerce - mid '90s
  - Industrial interest in network security protocols
- Resurgence of worms - early '00s
  - Made computer security a household term

6 Modern operating systems
- Improved security in modern operating systems
  - Challenge for hackers
- Hackers did not give up
  - More sophisticated viruses were born
- Security is still a major issue in networked systems

7 Unauthorised logins and password stealing
Intruders use various ways to access someone's account:
- Brute force: a program making successive login attempts
- Domain knowledge: users tend to use passwords that are easy to remember (partner's name, …)
- Mock login: if a hacker has physical access, they might install a program that simulates the screen image of the login prompt and stores the userid/password
- Human factors: call the computer help desk claiming you forgot your password. Reformed hackers: the best way to get information is to ask for it
- Spyware: malicious code that gains access to a computer via a Trojan horse; it can monitor the user's keystrokes and report passwords, credit card numbers etc. to the hacker via a TCP/IP connection

9 Virus Statistics
- 1988: Less than 10 known viruses
- 1990: New virus found every day
- 1993: new viruses per week
- 1999: 45,000 viruses and variants

10 A Couple of Definitions
- A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user.
- "a program that replicates by "infecting" other programs, so that they contain a copy of the virus"

11 How
- Viral code is attached or "inserted" into the order of execution so that when the legitimate code is run the viral code is also run, or run instead of the legitimate code.
- May be "tacked" on to the end of an executable file or inserted into unused program space.
- Cavity viruses:
  - Overwrite part of a legitimate program
  - Hard to detect as file size is not modified
- Overwrite boot records:
  - Virus starts executing when the computer starts up

12 The Normal Virus works like this:
- User calls for a legitimate program
- The virus code, having inserted itself in the order of execution, executes instead of or in addition to the legitimate program.
- The virus code terminates and returns control to the legitimate program

13 How they work
Basic structure:

    {
      look for one or more infectable objects
      if (none found)
        exit
      else
        infect object
    }

Doesn't remain in memory, but executes all of the viral code at once, then returns control to the infected program.

14 Worms
A computer worm:
- is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems via network connections.
- Worms do not need to attach themselves to a host program.
2 types of worms:
- host computer worms
- network worms

15 Network Computer Worms
- Network worms consist of multiple parts, called segments.
- The segments run on different machines on the network and may even perform different actions.
- Moving a segment from one machine to another is only one of their purposes.

16 Host Computer Worms
Host computer worms:
- are entirely contained in the computer they run on.
- use network connections only to copy themselves to other computers.
- the original terminates after it launches a copy on to another host.
- Only one copy of the worm is running somewhere on the network at a time.

17 How Viruses are born
- Unlike biological viruses, computer viruses do not simply evolve by themselves
- They are deliberately created by programmers, or by people who use virus creation software

18 How Viruses are born
- Viruses are written:
  - as research projects
  - to attack the products of specific companies
  - to distribute political messages
  - for financial gain from identity theft
- Some virus writers:
  - consider their creations to be works of art
  - see virus writing as a creative hobby
- Releasing computer viruses is a crime in most jurisdictions

19 Viruses can avoid detection
- To avoid detection by users, viruses employ different deception methods
- They avoid:
  - changing the date of last modification
  - increasing file sizes
  - damaging the files
- They kill the tasks associated with antivirus software before it can detect them

20 Logic Bomb
- A logic bomb executes when specific conditions occur.
- Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date.

21 Trapdoor
- Trapdoors allow access to a system by skipping the usual login routine.
- Overall goal of rootkits: install trapdoors

22 Macro Viruses
Macro virus:
- Encoded as a macro and embedded in a document.
- Many applications allow you to embed a macro in a document.
  - Microsoft Word, Excel, Access
- The macro executes each time the document is opened.
- Infect programming environments rather than files
- Once a macro virus gets onto your machine, it embeds itself in all future documents you create with the application
- 75% of all viruses today are macro viruses

23 Why are they so dangerous?
- Can infect multiple types of operating systems
- People don't normally think of viruses in documents
- Easy to learn how to write a macro virus
- Because office programs are usually integrated, programs can be used to further spread the virus

24 Famous Macro Viruses
Concept:
- Distributed by Microsoft
- Considered to be the first macro virus
- Simply showed the potential for macro viruses

25 History of some well known Viruses
1999 The Melissa virus:
- is a macro virus
- It uses Microsoft Word to infect computers and is passed on to others through Microsoft Outlook and Outlook Express programs
- Overwrites first macro in open documents and in the normal.dot template
- Turns off macro detection

26 Viruses (Con't)
2000 The "I Love You Virus":
- wreaks havoc around the world.
- It is transmitted by e-mail and, when opened, is automatically sent to everyone in the user's address book

27 July 2001: The Code Red worm
- infects tens of thousands of systems running Microsoft Windows NT and Windows 2000 server software.
- causing an estimated $2 billion in damages.
- The worm is programmed to use the power of all infected machines against the White House Web site at a predetermined date.
- The White House deciphers the virus's code and blocks traffic as the worm begins its attack.

29 Viruses (Con't)
26 January 2004, MyDoom:
- The Mydoom virus is first identified around 8am.
- Computer security companies report that Mydoom is responsible for approximately one in ten e-mail messages at this time.
- Slows overall internet performance by approximately ten percent and average web page load times by approximately fifty percent
- 1 February: An estimated one million computers around the world infected with Mydoom begin the virus's massive distributed denial of service attack, the largest such attack to date

30 Viruses (Con't)
2007: A new virus called "Storm Worm" is released.
- This fast-spreading spammer disguises itself as a news e-mail and asks you to download a film.
- The "Storm Worm" gathers infected computers into a botnet, which it uses to infect other machines.
- It was first identified on Jan. 17 and within 13 days had infected 1.7 million computers

31 2009 "Conficker" worm:
- 9 million computers running on the Windows operating system were hit.
- The malware spread via the Internet, and the main tools that helped the worm spread were unpatched corporate networks and USB memory sticks.
- It loads itself on to a computer by exploiting a weakness in Windows servers.
- Once it has infected a machine, the software also tries to connect to up to 250 different domains with random names every day.

33 The Original Trojan Horse
Trojan horses are named after Homer's Iliad story of Greeks gifting a huge wooden horse to Troy that housed soldiers who emerged in the night and attacked the city.

34 Trojan Horses
- Trojan horses are programs that appear to have one function but actually perform another function.
- Modern-day Trojan horses resemble a program that the user wishes to run - a game, a spreadsheet, or an editor. While the program appears to be doing what the user wants, it is also doing something else unrelated to its advertised purpose, and without the user's knowledge.

35 Denial-of-Service (DoS) Attacks
- Prevent a system from servicing legitimate requests
- In many DoS attacks, unauthorized traffic saturates a network's resources, restricting access for legitimate users
- Typically, the attack is performed by flooding servers with data packets
- Usually require a network of computers to work simultaneously, although some skillful attacks can be achieved with a single machine
- Can cause networked computers to crash or disconnect, disrupting service on a Web site or even disabling critical systems such as telecommunications or flight-control centers

36 Distributed DoS attacks
Programs of this type:
- Spread to as many hosts as possible
- Wait for predefined commands or a fixed date and time to launch denials of service

38 Software Exploitation
Buffer overflow attacks:
- Occurs when an application sends more data to a buffer than it can hold
- Can push the additional data into adjacent buffers, corrupting or overwriting existing data
- A well-designed buffer overflow attack can replace executable code in an application's stack to alter its behavior
- May contain malicious code that will then be able to execute with the same access rights as the application it attacked
- Depending on the user and application, the attacker may gain access to the entire system

39 Buffer Overflow Injection
A buffer overflow, or buffer overrun:
- is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.
- can be triggered by inputs that are designed to execute code, or alter the way the program operates
Steps:
- Inject attack code into buffer
- Redirect control flow to attack code
- Execute attack code
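
The "overwrites adjacent memory" point from slides 38 and 39, shown next to the bounds check that prevents it. This is an added example, not part of the original slides; the 16-byte arena, the is_admin flag and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   8   /* capacity of the input buffer */
#define ARENA_SIZE 16  /* buffer plus the adjacent data that follows it */

/* Constructed memory model: bytes 0..7 are the buffer, byte 8 is an
   adjacent "is_admin" flag that input is never meant to reach. */
struct arena { unsigned char mem[ARENA_SIZE]; };

static int is_admin(const struct arena *a) { return a->mem[BUF_SIZE] != 0; }

/* Flawed copy: trusts the caller's length and never compares it with
   BUF_SIZE. (Clamped to the arena so the demo itself stays well-defined.) */
static void copy_unchecked(struct arena *a, const void *src, size_t n) {
    if (n > ARENA_SIZE) n = ARENA_SIZE;
    memcpy(a->mem, src, n);
}

/* Hardened copy: rejects any input that does not fit in the buffer. */
static int copy_checked(struct arena *a, const void *src, size_t n) {
    if (n > BUF_SIZE) return -1;
    memcpy(a->mem, src, n);
    return 0;
}

/* Admin flag after feeding 9 bytes to the 8-byte buffer, unchecked. */
static int flag_after_unchecked(void) {
    struct arena a = {{0}};
    copy_unchecked(&a, "AAAAAAAAA", 9);
    return is_admin(&a);
}

/* Same input through the checked copy; *rc receives its return code. */
static int flag_after_checked(int *rc) {
    struct arena a = {{0}};
    *rc = copy_checked(&a, "AAAAAAAAA", 9);
    return is_admin(&a);
}

int main(void) {
    int rc;
    printf("unchecked copy: is_admin=%d\n", flag_after_unchecked());
    printf("checked copy:   is_admin=%d", flag_after_checked(&rc));
    printf(" (rc=%d)\n", rc);
    return 0;
}
```

One byte past the buffer is enough to flip the neighbouring flag; the checked version refuses the input and leaves the flag untouched.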

40 Types of Propagation
- Parasitic
  - Propagates by being a parasite on other files.
  - Attaching itself in some manner that still leaves the original file usable.
  - .com and .exe files of MS-DOS
  - Macro virus
- Boot sector infectors
  - Copy themselves to the bootable portion of the hard (or floppy) disk.
  - The virus gains control when the system is booted.

41 How Antivirus software works?
- Detect using a list of virus signature definitions
- Comparing the files stored on fixed or removable drives (hard drives, floppy drives) against a database of known virus "signatures".

42 How Antivirus software works?
Heuristic detection:
- Use a heuristic algorithm to find viruses based on common behaviors
- Looks for code which is similar to known viruses
- Or monitors suspicious activities
  - Attempting to write to system files or boot records.

43 How Antivirus software works?
File size changes:
- Are monitored
- Difficult to detect cavity viruses as the file size will not necessarily change.
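
Why size monitoring (slide 43) misses a cavity-style change that a signature scan (slide 41) still finds. This is an added example, not part of the original slides; the 64-byte "file", the marker string and the function names are constructed and harmless.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, harmless marker standing in for a virus signature. */
static const unsigned char SIG[] = "XX-DEMO-SIGNATURE-XX";
#define SIG_LEN  (sizeof SIG - 1)
#define FILE_LEN 64

/* Size monitoring: flags a file only if its length changed. */
static int size_changed(size_t before, size_t after) { return before != after; }

/* Signature scan: returns the offset of sig in data, or -1 if absent. */
static long find_signature(const unsigned char *data, size_t len,
                           const unsigned char *sig, size_t sig_len) {
    if (sig_len == 0 || sig_len > len) return -1;
    for (size_t i = 0; i + sig_len <= len; i++)
        if (memcmp(data + i, sig, sig_len) == 0) return (long)i;
    return -1;
}

/* Builds a constructed 64-byte "program": 16 bytes of code, then unused
   zero padding. If modified, the marker is written into the padding,
   as a cavity infection would, leaving the length untouched. */
static size_t build_file(unsigned char *out, int modified) {
    memset(out, 0, FILE_LEN);
    memcpy(out, "CODECODECODECODE", 16);
    if (modified) memcpy(out + 32, SIG, SIG_LEN);
    return FILE_LEN;
}

int main(void) {
    unsigned char clean[FILE_LEN], changed[FILE_LEN];
    size_t n0 = build_file(clean, 0), n1 = build_file(changed, 1);
    printf("size check flags file: %d\n", size_changed(n0, n1));
    printf("signature in clean:    %ld\n", find_signature(clean, n0, SIG, SIG_LEN));
    printf("signature in changed:  %ld\n", find_signature(changed, n1, SIG, SIG_LEN));
    return 0;
}
```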

44 How Antivirus software works?
- Some anti-virus programs give you real-time protection
- Examine files as they are being opened, downloaded, copied, accessed, transmitted etc.

45 How Antivirus software works?
- They need regular updates in order to gain knowledge about the latest threats

46 Damage prevention & data recovering
How to prevent damages caused by viruses?
- Take regular backups (including OS) on different media, unconnected to the system (most of the time)

47 Keep your computer Virus free
- Install reliable anti-virus software
  - the most important step you can take towards keeping your computer clean of viruses
- Update your anti-virus software regularly
  - variations of viruses and new ones can slip through if your software is not current

48 Keep your computer Virus free
- Get immediate protection
  - Configure your anti-virus software to boot automatically on start-up and run at all times

49 Keep your computer Virus free
- Don't automatically open attachments
  - ensure that you examine and scan e-mail and other attachments before they run, as they might contain viruses
- Activate macro virus protection in your word processor
- Check security settings in your web browser.
- Scan all incoming attachments
- Do not open any attached files if the subject line is questionable or unexpected, or the source (address) is unknown, suspicious or untrustworthy

50 Keep your computer Virus free
- Delete chain e-mails and junk e-mail
  - Do not forward or reply to any of them; they clog up the network
  - Some viruses can replicate themselves and spread through e-mail as a chain

52 Summary
- Computer networks are vulnerable
- Methods used by hackers to gain unauthorised access
- Viruses
- Different types of viruses
- How do viruses infect computers
- Methods used by anti-virus software
- Symptoms of virus infection
- Steps to take to protect your computer from viruses

53 Resources
- Symantec Anti-virus centre
- Centre for computing and social Responsibility (CCSR)
- CERT: Centre at Carnegie-Mellon University USA
- Risks forum: online discussion about security issues
- CIAC: site hosted by US Dept of Energy
- Dealing with hoax virus alerts
- Microsoft: